Uncover Hidden Security Risks
Since our inception in 2012, Raxis helps organizations learn how they may be at risk by manually performing over 300 penetration tests a year. Our penetration testing team will conduct an actual hack attempt against your systems using manual testing techniques, including vulnerability/code exploitation and exfiltration of data. Our Atlanta based team of pentesters are seasoned professionals who have worked the offensive and defensive side of information security, holding respected certifications like the OSCP and CISSP.
Strike the balance between information security and your business goals.
Feel free to recreate our hack on your own and then learn how to remediate.
Raxis pentesters hold certifications like the OSCP, CISSP, CISM, and others.
Our pentesting methodology is based on NIST 800-115 to meet regulatory standards.
Penetration Testing is our Speciality
Raxis performs External Penetration Testing to help identify where the real risk is with your internet facing systems. Live-fire attacks are performed against your external/internet servers and network equipment in order to gain a foothold into your internal resources. These attacks will be followed by attempts pivot into other critical servers to attain private data. We'll help you uncover the exposures you have to the internet as each and every step of the pen test will be documented in a detailed report with authentic screenshots obtained during the hack. Once we've completed testing, the report aids in repairing security weaknesses, gaining additional funding for system upgrades, or submitting evidence to regulatory entities as part of a compliance program.
Raxis Internal Penetration Testers have strong experience in building, maintaining, and securing internal network infrastructures for companies of all sizes, from multi-national organizations to local businesses. The Raxis team has worked extensively with networks that employ tools from Microsoft Active Directory to Unix/Linux servers that host large-scale websites and databases. Using this expertise, the Raxis team will examine your internal network for various vulnerabilities such as issues stemming from unpatched systems to misconfigurations such as default and null credentials.
Our wireless testing will help you understand the potential security risks that your systems may be exposed to. Raxis testers examine the WiFi technology in place throughout your site(s) and attempt to gain further access through gathering and cracking Pre-Shared Keys (PSK) and/or creating rogue access points as well as exploiting insecure technologies such as WEP and WPA/WPA2. Raxis testers will map out your network and inform you of rogue access points that are already in place. Raxis will also test your guest wireless network for segmentation to ensure that your internal network is protected.
Raxis web app penetration testers have extensive experience as web developers using cutting edge as well as legacy web tools, databases and frameworks. We’ve worked extensively with languages from Node.js to Java frameworks such as Struts and with databases from MongoDB and MySQL to Oracle. Raxis has been successful in performing privilege escalation, information disclosure, and database compromise on multiple past projects. In past tests we have discovered private customer and system information using vectors such as SQL injection, file path traversal and cross-site scripting. App security is an area of risk that is exploited often by malicious actors on the internet, and Raxis can help ensure your application stays secure.
Raxis penetration testers are also code developers that have a strong understanding of Application Programming Interface (API) calls. REST, or Representational State Transfer, is an architectural standard used in web based APIs. We've worked extensively with REST and SOAP calls for both mobile and traditional web applications. Raxis has been successful in performing privilege escalation, information disclosure, and database compromise on multiple past projects.
We've written mobile applications - we mix this with our security expertise to provide an extensive pentest of your custom mobile app. We've worked extensively with mobile coding languages and frameworks for Apple, Android and Windows mobile devices. Raxis' mobile application testing encompasses injection testing such as SQLi and directory path traversal as well as session testing such as SSL pinning and testing of the application itself for insecure data storage within application files that are downloaded to user devices. Raxis has been successful in performing privilege escalation, information disclosure, and database compromise on multiple past projects.
Raxis has extensive experience with embedded systems and has performed penetration testing against the latest IoT technology for global manufacturers. From set top TV devices to mission critical SCADA systems, you can count on the team at Raxis to discover security risks that may be hidden within. We'll study the system in great detail and perform fuzzing techniques against the system to find any security vulnerabilities, ultimately to assist you in quickly remediating them.
Transporter Remote Access
Using our Transporter solution, Raxis can securely perform any type of penetration test against your systems located anywhere in the world from our offices in Atlanta.
Rather have us come to you? No problem, we will travel to your location anywhere in the US or the world.
If your systems are available externally or on cloud hosted systems, Raxis can perform the penetration test over the internet. We have experience with Amazon, Azure, Rackspace, DigitalOcean, and others.
Advanced Firewall/IPS Validation
We'll use evasion techniques and validate effectiveness of your controls. Whitelisting may be necessary in some cases to ensure a quality test of underlying systems.
Follow Along and Recreate Our Hack
You'll be able to follow along, find out how to obtain the tools, and learn how to re-create our attack to experience first hand how your systems can be exploited.
We'll also provide steps and references to help you remediate the issues and stay secure. However, if you have trouble, you're always welcome to speak with your Raxis pentester to get further information on how to recreate the hack on your own system. While we use a variety of tools and custom scripts in the course of our work, Raxis only performs manual penetration testing using a highly qualified penetration tester. Our custom authored penetration testing reports are manually written with screenshots provided from actual evidence.
A Smarter Way to Stay Secure
Learn how hacking can help find and fix security gaps you never knew about.